Typeform Data Breach Affected More Than Just Millions of Sneakersnstuff Users’ Data

Just days after adidas US announced a huge data breach, international retailer Sneakersnstuff — one of the most popular sneaker boutiques in the world — informed its customers of a breach that compromised names, emails, addresses, and more.

Today, Sneakernstuff customers received an email alerting them that their data had been accessed by an external attacker. The retailer was using Typeform — a Barcelona-based online survey and form building service — to collect sensitive customer data for raffles. According to the email, the “typeforms” affected include SNS’s Daniel Arsham New York and Tom Sachs x NikeCraft Mars Yard.

The compromised data — name, email address, delivery address, and shoe size — had been deleted, and SNS stopped using Typeform in September of 2017, according to the retailer. However, Typeform reports that the attacker managed to get unauthorized access to backup customer data and downloaded parts of it.

According to Bleeping Computer, the backup file contained data gathered from Typeform customers through surveys and online forms up until May 3, 2018. Typeform passwords and user payment card information was not included in the backup file that the attacker(s) took from Typeform’s servers. The company made a formal announcement late Friday night, two days after the initial breach on Wednesday, June 27 at 14:00 CET when it secured the affected server 30 minutes later.

However, one of Typeform’s customers, payment provider Monzo, revealed that data for about 20,000 users who filled out surveys on its site had been exposed, according to Bleeping Computer. And while Sneakersnstuff regularly sees traffic of 5,000,000+ users for a hyped release, Typeform collects data for some of the largest names in the tech industry; according to Wikipedia, it has worked with Apple, Uber, Airbnb, and Nike, and the company’s website lists Trello, HubSpot, Indiegogo, Forbes, and Freshdesk.

This latest data breach comes after a Ticketmaster breach early in the week. Then, on Thursday, adidas US announced its own massive data breach that affected the personal data of millions of customers.

You can read the entire Sneakersnstuff email alert below.


Hello,

We just received a message at 2018-06-29 17:56 GMT+02:00 that a 3rd party service we historically used to collect data for raffles “Typeform” (www.typeform.com) had a data breach, which affected the following typeforms we sent out:

Daniel Arsham New York;
Tom Sachs x NikeCraft Mars Yard

The data compromised was:
– Name
– Email address
– Delivery address
– Shoe size

Although we had deleted the data, Typeform reports that an external attacker managed to get unauthorized access to backup respondent data and downloaded parts of it.

Typeform responded immediately and fixed the source of the breach to prevent any further intrusion.

We stopped using Typeform in September 2017 and no longer use this service in any capacity.

In case your information was downloaded by the attacker, we recommend that you watch out for potential phishing scams, or spam emails.

If you have any other questions, feel free to contact us at
[email protected]

We take protection of your data and privacy seriously and regret this matter occurred.

Sneakersnstuff

sneakersnstuff logo

2 Comments

  1. Can we go a week without our info being stolen? This one didn’t affect me but one from a Target, ebay or paypal, and Adidas’s recent breach apparently did. Thankfully I’m poor as hell from buying so many shoes so even if they do have my bank info they could probably only afford a Happy Meal. And that is my excuse for buying so many shoes now. To keep my money safe.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.